On June 13th, the popular U.K.-based electronics and telecom retailer Dixons Carphone disclosed that it had recently discovered a breach dating to 2017, which may have compromised almost 6 million payment cards and 1.2 million personal data records. The company disclosed that there had been unauthorized access to sensitive data starting in July 2017, with no evidence of persistent access.
With GDPR now in full force, Dixons Carphone was legally required to send out a breach notification within 72 hours of discovery or otherwise face potential fines. Dixons Carphone did not disclose which specific systems were targeted in the 2017 breach, only that payment cards in one of the processing systems were compromised.
Dixons Carphone took precautionary measures by immediately notifying card companies about the potentially compromised cards, to alert customers to possible fraud and protect them from it. The company may also be required under GDPR to provide credit monitoring for the affected individuals for a year or more. There has not been any reported use of the 6 million cards in question at this time.
The Proficio Threat Intelligence Recommendations:
- Perform regular credit checks and review monthly financial statements to ensure fraudulent activity has not occurred.
- If an organization falls under the scope of GDPR, note the new articles explaining the new requirements around data breach notifications.